» microsoft-office-2013-free.exe
Overview
Analysis
File Details
Downloads (1)

microsoft-office-2013-free.exe

Setup Manager

HUSREN S. A.

The application microsoft-office-2013-free.exe by HUSREN S. A has been detected as a potentially unwanted program by 8 anti-malware scanners. The file has been seen being downloaded from downloads365.net.

File name:

Publisher:

HUSREN S. A. (signed and verified)

Product:

Setup Manager

Version:

2.7.1.83

MD5:

b5cf0d541d5f4e75b0c2745910b9ffff

SHA-1:

794ab12d32e769e3ad73b7dec1967b2c3a92c343

SHA-256:

d8791e0cfca3df8ffdefabee7988d287c1ff562d25a634b77fb07e888300b9f9

Scanner detections:

8 / 68

Status:

Potentially unwanted

Analysis date:

11/24/2024 2:36:08 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2017.0.2607

Baidu Antivirus

Adware.MSIL.Colooader

4.0.3.16928

Bkav FE

W32.HfsAdware

1.3.0.7383

Comodo Security

ApplicUnwnt

23796

ESET NOD32

MSIL/Adware.Colooader (variant)

10.12749

IKARUS anti.virus

AdWare.MSIL.Colooader

t3scan.1.9.5.0

Panda Antivirus

PUP/iLivid

16.09.28.09

SUPERAntiSpyware

PUP.QualityScore/Variant

8870

File size:

155.8 KB (159,576 bytes)

Product version:

2.7.1.83

Original file name:

DynmicInstaller.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\microsoft-office-2013-free.exe

Digital Signature

Signed by:

HUSREN S. A.

Authority:

COMODO CA Limited

Valid from:

7/3/2014 6:00:00 PM

Valid to:

7/4/2015 5:59:59 PM

Subject:

CN=HUSREN S. A., O=HUSREN S. A., STREET=COLONIA 810 APTO: 502, L=MONTEVIDEO, S=MONTEVIDEO, PostalCode=11000, C=UY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

567CC889F234095C2B6877B8E8C3A484

File PE Metadata

Compilation timestamp:

7/8/2014 10:43:55 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:vPvjNbcV69dq9kB3ehmbDPmlVowKsfe+N:vPLu694cehmbDPmlVZxfe+N

Entry address:

0x21F5E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.6972

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

128 KB (131,072 bytes)

The file microsoft-office-2013-free.exe has been seen being distributed by the following URL.

http://downloads365.net/bin/.../microsoft-office-2013-free.exe

Remove microsoft-office-2013-free.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.